urlscan.io result: gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
IP address: 149.255.59.17
Public Scan
Effective URL: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_
Submission: On June 30 via api from US — Scanned from US

Summary
TLS certificate: Issued by R3 (Let's Encrypt) on June 30th 2023, the same day the page was submitted. Valid for: 3 months.
This is the only time gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 7 (5 redirects) | 149.255.59.17 | 34931 (AWARESOFT) |
| 9 | 192.229.210.155 | 15133 (EDGECAST) |
| Total: 21 | 3 | |

ASN34931 (AWARESOFT, GB), PTR for 149.255.59.17: cloud008.liveboxserver.uk

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 9 | paypalobjects.com | www.paypalobjects.com (Cisco Umbrella Rank: 2178) | 88 KB |
| 7 (5 redirects) | gameinfocenter.com | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com | 15 KB |
| 0 | paypal.com | c.paypal.com (failed), t.paypal.com (failed) | |
| Total: 21 | 3 | | |

| Requests | Domain | Requested by |
|---|---|---|
| 9 | www.paypalobjects.com | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com; www.paypalobjects.com |
| 7 (5 redirects) | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com; www.paypalobjects.com |
| 0 | t.paypal.com (failed) | |
| 0 | c.paypal.com (failed) | www.paypalobjects.com |
| Total: 21 | 4 | |

The phishing host sits on AWARESOFT (AS34931, GB) shared hosting, while 88 KB of the roughly 103 KB transferred comes from www.paypalobjects.com, PayPal's own CDN on EdgeCast: the page is assembled almost entirely from the brand's genuine assets and only the document and one stylesheet come from the attacker's origin. Requests to paypal.com subdomains (c.paypal.com, t.paypal.com) all failed.

This site contains no links.
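The tables above show the pattern that makes this page easy to triage: the primary document is served from an unrelated apex domain, yet most of its requests go to PayPal's infrastructure. The following Python is an added example (not urlscan's code or scoring) that applies that heuristic to the request list transcribed from this scan's transaction table. The `apex()` helper is a deliberate simplification that takes the last two labels without a Public Suffix List, which is adequate for the .com hosts here; the brand-domain set and the threshold are assumptions for the example.

```python
"""Brand-impersonation heuristic over the request list of a urlscan result.

Added example, not part of the urlscan page. TRANSACTIONS is transcribed from
this scan's "21 HTTP transactions" table; apex() is a no-PSL simplification.
"""
from collections import Counter
from urllib.parse import urlparse

KIT = "https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com"
CDN = "https://www.paypalobjects.com"
PRIMARY_URL = KIT + "/signin/md2d/websrc?country.x=&locale.x=_"

# (method, url, response_received), in the order the scan lists them.
TRANSACTIONS = [
    ("GET", PRIMARY_URL, True),
    ("GET", KIT + "/assets/css/layout.css", True),
    ("GET", CDN + "/images/shared/icon-PN-check.png", True),
    ("GET", CDN + "/images/shared/glyph_alert_critical_big-2x.png", True),
    ("GET", CDN + "/web/res/1cf/5d991fc8223c2c9020ca6f94e84bb/js/lib/fn-sync-telemetry-min.js", True),
    ("GET", CDN + "/web/res/1cf/5d991fc8223c2c9020ca6f94e84bb/js/signin-split.js", True),
    ("GET", CDN + "/pa/js/min/pa.js", True),
    ("GET", CDN + "/webcaptcha/grcenterprise_v3_static.js", True),
    ("GET", CDN + "/images/shared/paypal-logo-129x32.svg", True),
    ("POST", KIT + "/signin/client-log", False),
    ("GET", "https://c.paypal.com/da/r/fb.js", False),
    ("POST", KIT + "/signin/client-log", False),
    ("POST", KIT + "/signin/client-log", False),
    ("POST", KIT + "/signin/client-log", False),
    ("POST", KIT + "/auth/logclientdata", False),
    ("GET", CDN + "/webcaptcha/grcenterprise_v3_static.html", True),
    ("GET", "https://t.paypal.com/ts", False),
    ("GET", "https://t.paypal.com/ts", False),
    ("GET", "https://t.paypal.com/ts", False),
    ("POST", KIT + "/auth/logclientdata", False),
    ("GET", CDN + "/webcaptcha/grcenterprise_v3_static.html", True),
]

# Domains the brand serves from (assumed list for this example).
PAYPAL_DOMAINS = {"paypal.com", "paypalobjects.com"}


def apex(host: str) -> str:
    """Registrable domain approximated as the last two labels (no PSL handling)."""
    return ".".join(host.lower().split(".")[-2:])


def summarize(primary_url, transactions, brand_domains):
    """Count how much of the page's traffic goes to the brand's infrastructure."""
    primary_apex = apex(urlparse(primary_url).hostname)
    per_apex = Counter(apex(urlparse(url).hostname) for _, url, _ in transactions)
    brand_assets = sum(n for d, n in per_apex.items() if d in brand_domains)
    # Brand endpoints that got no response: cloned telemetry the kit cannot reuse.
    brand_failed = sum(1 for _, url, ok in transactions
                       if not ok and apex(urlparse(url).hostname) in brand_domains)
    # POSTs back to the kit's own origin (candidate credential/telemetry sinks).
    kit_posts = sum(1 for m, url, _ in transactions
                    if m == "POST" and apex(urlparse(url).hostname) == primary_apex)
    return {
        "primary_apex": primary_apex,
        "total": sum(per_apex.values()),
        "brand_assets": brand_assets,
        "brand_failed": brand_failed,
        "kit_posts": kit_posts,
    }


def impersonation_verdict(primary_url, transactions, brand_domains, min_brand_assets=3):
    """Flag a page hosted off-brand that still builds itself from brand assets.

    Returns None for a page on the brand's own domain, or when too few brand
    assets are loaded; otherwise the summary with a verdict string attached.
    The threshold is illustrative.
    """
    s = summarize(primary_url, transactions, brand_domains)
    if s["primary_apex"] in brand_domains or s["brand_assets"] < min_brand_assets:
        return None
    s["verdict"] = "brand assets loaded from non-brand origin"
    return s


if __name__ == "__main__":
    print(impersonation_verdict(PRIMARY_URL, TRANSACTIONS, PAYPAL_DOMAINS))
```

For this scan the verdict reports 13 of 21 requests going to PayPal domains from a gameinfocenter.com document, four failed brand telemetry calls and six POSTs back to the kit's origin. In production the `apex()` shortcut must be replaced with a Public Suffix List lookup, otherwise hosts under suffixes like `co.uk` collapse to the wrong apex.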
| Subject | Issuer | Validity | Valid for | |
|---|---|---|---|---|
| gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com | R3 | 2023-06-30 - 2023-09-28 | 3 months | crt.sh |
| www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2022-11-09 - 2023-12-10 | a year | crt.sh |

The EV certificate belongs to the genuine paypal.com hosts the page tried to reach, not to the phishing host; the phishing host itself presents a domain-validated Let's Encrypt certificate issued on the day of the scan, a common signature of freshly stood-up infrastructure.
This page contains 3 frames:
Primary Page:
https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_
Frame ID: E2CC5FAA0E6C660870E52DD76EF07D9B
Requests: 19 HTTP requests in this frame
Frame:
https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html
Frame ID: F3EFBCDE88CCD3581795D350A25E4AEF
Requests: 1 HTTP request in this frame
Frame:
https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html
Frame ID: 41A54302F7AC37452AEAED3D0DA4B830
Requests: 1 HTTP request in this frame
Screenshot
![](/screenshots/be63fc32-4d6b-483b-9772-201add64e383.png)

Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

- https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/ (HTTP 302)
- https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin (HTTP 301)
- https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/ (HTTP 302)
- https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d (HTTP 301)
- https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/ (HTTP 302)
- https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/websrc?country.x=&locale.x=_ (Page URL)

The chain alternates a 302 into a subdirectory with a 301 that appends the trailing slash, which is consistent with a web server that normalises directory requests and a redirecting index script in each directory. The final path borrows PayPal's /signin path and the country.x / locale.x query parameter names that PayPal's own sign-in URLs carry, here left empty.
Detected technologies
Detected patterns
- paypalobjects\.com
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
Only the primary request carried an HTTP redirect chain (the five hops listed under Page URL History).

21 HTTP transactions

| Method | Protocol | Resource | Host / Path | Size | Transfer | Type | MIME type |
|---|---|---|---|---|---|---|---|
| GET | H2 | websrc (Primary Request, redirect chain) | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/md2d/ | 37 KB | 5 KB | Document | text/html |
| GET | H2 | layout.css | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/assets/css/ | 51 KB | 9 KB | Stylesheet | text/css |
| GET | H2 | icon-PN-check.png | www.paypalobjects.com/images/shared/ | 2 KB | 2 KB | Image | image/png |
| GET | H2 | glyph_alert_critical_big-2x.png | www.paypalobjects.com/images/shared/ | 6 KB | 6 KB | Image | image/png |
| GET | H2 | fn-sync-telemetry-min.js | www.paypalobjects.com/web/res/1cf/5d991fc8223c2c9020ca6f94e84bb/js/lib/ | 5 KB | 3 KB | Script | application/javascript |
| GET | H2 | signin-split.js | www.paypalobjects.com/web/res/1cf/5d991fc8223c2c9020ca6f94e84bb/js/ | 214 KB | 50 KB | Script | application/javascript |
| GET | H2 | pa.js | www.paypalobjects.com/pa/js/min/ | 55 KB | 21 KB | Script | application/javascript |
| GET | H2 | grcenterprise_v3_static.js | www.paypalobjects.com/webcaptcha/ | 11 KB | 4 KB | Script | application/javascript |
| GET | H2 | paypal-logo-129x32.svg | www.paypalobjects.com/images/shared/ | 5 KB | 2 KB | Image | image/svg+xml |
| POST | | client-log | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/ | 0 | 0 | (no response) | |
| GET | | fb.js | c.paypal.com/da/r/ | 0 | 0 | (no response) | |
| POST | | client-log | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/ | 0 | 0 | (no response) | |
| POST | | client-log | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/ | 0 | 0 | (no response) | |
| POST | | client-log | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/ | 0 | 0 | (no response) | |
| POST | | logclientdata | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/auth/ | 0 | 0 | (no response) | |
| GET | H2 | grcenterprise_v3_static.html (Frame F3EF) | www.paypalobjects.com/webcaptcha/ | 5 KB | 0 | Document | text/html |
| GET | | ts | t.paypal.com/ | 0 | 0 | (no response) | |
| GET | | ts | t.paypal.com/ | 0 | 0 | (no response) | |
| GET | | ts | t.paypal.com/ | 0 | 0 | (no response) | |
| POST | | logclientdata | gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/auth/ | 0 | 0 | (no response) | |
| GET | H2 | grcenterprise_v3_static.html (Frame 41A5) | www.paypalobjects.com/webcaptcha/ | 0 | 0 | Document | text/html |

Every visible brand element (logo, icons, the split-login script, pa.js, the webcaptcha frame) is fetched live from www.paypalobjects.com; only the HTML document and layout.css come from the kit's host. The six POSTs to /signin/client-log and /auth/logclientdata are relative paths that PayPal's own login JavaScript calls on paypal.com; run from the kit's origin they point at the attacker's server, where nothing answered in this scan.
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above.

- gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/signin/client-log (4 requests)
- gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com: https://gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/auth/logclientdata (2 requests)
- c.paypal.com: https://c.paypal.com/da/r/fb.js
- t.paypal.com: https://t.paypal.com/ts?v=1.7.9&t=1688160851672&g=0&pgrp=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail&page=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail%3A%3A%3A&qual=input_email&pgst=1688160851315&calc=f313017816851&nsid=kVMRnJWUBoOwU2MYW4EmL3oSyYqVbLCk&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=6f3b13bb82514b108464966e32a84849&comp=unifiedloginnodeweb&tsrce=unifiedloginnodeweb&cu=0&ef_policy=ccpa&xe=103119%2C107263%2C107263&xt=112308%2C133840%2C133840&transition_name=ss_prepare_email&userRedirected=true&ctx_login_ot_content=0&obex=signin&landing_page=login&state_name=begin_email&ctx_login_ctxid_fetch=ctxid-not-exist&ctx_login_content_fetch=success&ctx_login_lang_footer=shown&ctx_login_signup_btn=shown%7Cdefault&ctx_login_intent=signin&ctx_login_flow=Signin&ctx_login_state_transition=login_loaded&post_login_redirect=default&ret_url=%2F&e=im&imsrc=setup&view=%7B%22t10%22%3A1%2C%22t11%22%3A2043%2C%22tcp%22%3A2043%2C%22et%22%3A%224g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A0%7D&pt=C%CE%BFnnect%20y%CE%BFur%20G%CE%BF%CE%BFgle%20acc%CE%BFunt%2C%20check%20%CE%BFut%20faster%20%CE%BFn%20y%CE%BFur%20devices&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&t1=1&t1c=0&t1d=0&t1s=0&t2=435&t3=1&t4d=0&t4=0&t4e=0&tt=0&rdc=5&protocol=h2&res=%7B%7D&3p_vid=3bf63ea27b8989b5&3p_fpti=41ee009c401f909b
- t.paypal.com: https://t.paypal.com/ts?v=1.7.9&t=1688160851682&g=0&e=err&page=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail%3A%3A%3A&pgrp=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail&comp=unifiedloginnodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0&3p_vid=3bf63ea27b8989b5&3p_fpti=41ee009c401f909b
- t.paypal.com: https://t.paypal.com/ts?v=1.7.9&t=1688160851683&g=0&e=err&page=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail%3A%3A%3A&pgrp=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail&comp=unifiedloginnodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0&3p_vid=3bf63ea27b8989b5&3p_fpti=41ee009c401f909b

The t.paypal.com beacons are PayPal's own front-end telemetry (comp=unifiedloginnodeweb, pgtf=Nodejs) carried over into the clone; they describe the copied page, not the kit's backend. The two e=err beacons report a WINDOW_ONERROR "Script error", the opaque message browsers give for an exception inside a script loaded from another origin without CORS, here PayPal's JavaScript failing when run from the kit's origin. The pt (page title) field repays a close look: the letters encoded as %CE%BF are U+03BF, the Greek small letter omicron, not ASCII o, so the title decodes to "Cοnnect yοur Gοοgle accοunt, check οut faster οn yοur devices" and a plain keyword match on "Connect your Google account" misses it.
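Decoding that beacon and normalising the title is a small but reusable triage step, so here it is as an added Python example (not urlscan's code). `BEACON` is trimmed from the first t.paypal.com/ts URL above, keeping only the parameters the code reads; `pt` is taken as the document title and `rdc` as a redirect count, both read from the data rather than from a published PayPal specification; `CONFUSABLES` is a hand-picked subset of Unicode's confusables data, sufficient for the substitution this kit uses.

```python
"""Decode a PayPal telemetry beacon fired from a cloned login page and check
its page-title field for Unicode look-alike letters.

Added example, not urlscan's code. BEACON is trimmed from this scan's first
t.paypal.com/ts request; CONFUSABLES is a small hand-picked subset.
"""
import unicodedata
from urllib.parse import parse_qs, urlparse

BEACON = (
    "https://t.paypal.com/ts?v=1.7.9&pgrp=main%3Aunifiedlogin%3Asplitlogin%3A%3Aemail"
    "&comp=unifiedloginnodeweb&pgtf=Nodejs&env=live&transition_name=ss_prepare_email"
    "&pt=C%CE%BFnnect%20y%CE%BFur%20G%CE%BF%CE%BFgle%20acc%CE%BFunt%2C%20check%20%CE%BFut"
    "%20faster%20%CE%BFn%20y%CE%BFur%20devices&rdc=5&protocol=h2"
)

# Look-alike letters from non-Latin scripts mapped to the ASCII letter they imitate.
CONFUSABLES = {
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON (the one this kit uses)
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
}


def beacon_params(url: str) -> dict:
    """Flatten the beacon query string into single-valued, percent-decoded parameters."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def scripts_used(text: str) -> set:
    """Unicode scripts present among the letters of text, e.g. {'LATIN', 'GREEK'}."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}


def deobfuscate(text: str):
    """Replace known confusables; return (ascii_text, list of (char, unicode_name))."""
    out, hits = [], []
    for ch in text:
        if ch in CONFUSABLES:
            hits.append((ch, unicodedata.name(ch)))
            out.append(CONFUSABLES[ch])
        else:
            out.append(ch)
    return "".join(out), hits


def analyse(url: str) -> dict:
    """Pull the fields a triager cares about and score the title for mixed scripts."""
    p = beacon_params(url)
    title = p.get("pt", "")               # pt read as the document title (assumption)
    plain, hits = deobfuscate(title)
    scripts = scripts_used(title)
    return {
        "component": p.get("comp"),
        "framework": p.get("pgtf"),
        "rdc": int(p.get("rdc", "0")),    # 5 here, matching the five-hop redirect chain
        "title_raw": title,
        "title_plain": plain,
        "title_scripts": scripts,
        "homoglyphs": len(hits),
        "mixed_script_title": len(scripts) > 1,
    }


if __name__ == "__main__":
    for key, value in analyse(BEACON).items():
        print(f"{key}: {value}")
```

A mixed-script title in an otherwise English page is a strong signal on its own; the normalised form is what should be fed to brand-keyword rules, and the raw form is what should be kept as the indicator, since the substitution pattern often identifies the kit.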
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against PayPal (Financial)

3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

| Type | Variable |
|---|---|
| boolean | credentialless |
| object | onbeforetoggle |
| object | onscrollend |

All three are properties that recent Chromium builds add to window (credentialless, and the onbeforetoggle and onscrollend event handlers). They come from the scanning browser, not from the kit's scripts, and should not be treated as indicators.

1 Cookie
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values along, which lets the site re-identify the user even from a different location. This is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com/ | (none shown; session cookie) | PHPSESSID | 15f39eec57631068aa63d0ff0827e325 |

PHPSESSID is PHP's default session cookie name, so the kit's backend is PHP, whatever the copied PayPal telemetry (pgtf=Nodejs) reports about the original page's stack.
Indicators
This is a term in the security industry for indicators such as IPs, domains and hashes. Being listed here does not by itself imply malicious activity.

Domains
- c.paypal.com
- gactyfgfuvcag.verification.vgcafvdew.gameinfocenter.com
- t.paypal.com
- www.paypalobjects.com

IPs
- 149.255.59.17
- 192.229.210.155

Response hashes (SHA-256)
- 13e4806e5c517e074ab1ea26fe0f2b7b87eaa3988006f35ed0bd4c89502d0d79
- 42721cfca446477610b6ff12ec73697561ee27e7a4ae2b9bc0afc521105f66c8
- 4a77d272b8cf508cc4a7e0da5763faa9958e42a5554fdb5d29fc3be51d685653
- 6e8e37915eb1665a083fec0014daa3a3c11d5a4293bda8ba179c8d9d6cf2a9bd
- 8b202d5bd55968ce4bfc21c063166eaebe62104275ce7ec362d78b64b2581c95
- b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
- e50b882080c6a5462358bc7fb48517387c8889df7e7bd8aada5349682242f9fb
- e973d3f8f304299a283ed574e321331b07a2a70d4ec85cb1be5876b2bcaae4f4
- fdbf99d7f5e8d7cdbb6d679975ca31b5eea861aca1f0864e0bb3d995ca17efb5

Only the gameinfocenter.com host and 149.255.59.17 are attacker-controlled. The paypal.com and paypalobjects.com hosts and 192.229.210.155 (EdgeCast, serving PayPal's CDN content) are the brand's legitimate infrastructure, and most of the hashes above belong to PayPal's own assets; blocking them would break the real site, so only the first two belong on a blocklist.